Vulnerabilities Flashcards

1
Q

Cloud-based Vulnerabilities:

A

Data breaches: Unauthorized access to sensitive data stored in the cloud.
Insecure APIs: Vulnerabilities in APIs may expose data or allow unauthorized actions.
Shared resources: Misconfigurations leading to exposure of data or resources to unintended parties.

2
Q

On-premises vulnerabilities:

A

Physical access: Unauthorized access to on-premises servers or infrastructure.
Local network vulnerabilities: Weaknesses in the internal network could lead to unauthorized access.

3
Q

Zero-day

A

Exploitation before patching: Attackers can exploit vulnerabilities before developers release a patch.
Limited mitigation strategies: Lack of available fixes or workarounds increases the risk.

4
Q

Weak Configurations
Open Permissions:

A

Unauthorized access and data exposure.
Potential for privilege escalation attacks.

5
Q

Weak Configurations
Unsecure Root Accounts:

A

Unauthorized control and manipulation of critical systems.
Complete compromise of the system’s integrity.

6
Q

Weak Configurations
Errors:

A

Bugs or misconfigurations leading to unintended vulnerabilities.
Exploitable loopholes for attackers.

7
Q

Weak Configurations
Weak Encryption:

A

Exposure of sensitive data during transmission or storage.
Eavesdropping and data theft.

8
Q

Weak Configurations
Unsecure Protocols:

A

Use of outdated or insecure communication protocols.
Potential for interception and manipulation of data.

8
Q

Weak Configurations
Default Settings:

A

Use of default configurations that may have known vulnerabilities.
Easy targets for automated attacks.

9
Q

Weak Configurations
Open Ports and Services:

A

Unauthorized access to systems through open ports.
Exploitable services leading to compromise.

9
Q

Third-party Risks
System Integration:

A

Integration flaws leading to vulnerabilities in the overall system.
Compatibility issues that could be exploited.

9
Q

Third-party Risks
Vendor Management:

A

Dependence on third-party vendors who may have their own security vulnerabilities.
Lack of control over the security practices of external entities.

10
Q

Third-party Risks
Lack of Vendor Support:

A

Unsupported or obsolete software with unpatched vulnerabilities.
Limited assistance in case of security incidents.

10
Q

Third-party Risks
Supply Chain:

A

Compromised components introduced during the supply chain process.
Malicious modifications to hardware or software.

10
Q

Third-party Risks
Outsourced Code Development:

A

Security vulnerabilities introduced by external developers.
Limited visibility and control over the development process.

11
Q

Third-party Risks
Data Storage:

A

Insecure storage practices by third-party providers.
Potential for data exposure or leakage.

12
Q

Improper or Weak Patch Management
Firmware, OS, and Applications:

A

Failure to apply patches promptly exposes systems to known vulnerabilities.
Increased risk of exploitation.

13
Q

Legacy Platforms
Lack of Support:

A

Unsupported systems are not receiving security updates.
Proliferation of vulnerabilities with no resolution.

14
Q

Impacts
Data Loss:

A

Loss or corruption of sensitive data.
Financial and legal consequences.

15
Q

Impacts
Data Breaches:

A

Unauthorized access to confidential information.
Reputational damage.

16
Q

Impacts
Data Exfiltration:

A

Theft and unauthorized transfer of sensitive data.
Loss of intellectual property.

17
Q

Impacts
Identity Theft:

A

Unauthorized use of personal information.
Financial and legal repercussions for individuals.

18
Q

Impacts
Financial Impact:

A

Costs associated with addressing security incidents.
Loss of revenue due to downtime or reputational damage.

19
Q

Impacts
Reputation:

A

Erosion of trust among customers and stakeholders.
Long-term damage to the brand.

20
Q

Impacts
Availability Loss:

A

Disruption of services leading to downtime.
Impaired business operations.